It was years ago that I started Windows on it...
Thanks again!
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
using the existing files the users need only modify the connection port
in their OVPN files to be able to connect...
Please advice the best solution!
TIA
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users
the CGNAT-ed LAN allowing a user to connect to the accessible
OpenVPN server and then from there into the tunnel towards the CGNATed LAN?
If so is there some documentation as to how one could set it up (and what would
such a scheme be named for further web searches)?
--
Bo Berglund
Developer in
ne:
If your server side LAN uses 192.168.1.x as its LAN you need to change that if
you want your OpenVPN server to be used while traveling.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ubuntu3 500
500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
As you see there is no 2.6.x suggested, so how/whwn will it be available for
Ubuntu?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Op
ld examine the settings for the call from openvpn, it
cannot be fixed within the script since that works as designed.
Also examine the server logs.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
ht
ns
like:
LOG_FILE="/tmp/Connections.log"
It is like using /var/log and hoping for the best
It never turns out as you want...
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
er
(If your server is named something else like serverweb then replace the text
after @)
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
> #!/bin/bash
> export script_type="client-connect"
> export common_name="CommonName"
> export trusted_ip="192.168.129.253"
> ./server-events.sh <== HERE a call is made to the main script!
> exit 0
> --------
And you a
ot; ]; then
echo "$LOG_TIME - $common_name connect IP $trusted_ip" >> "$LOG_FILE"
elif [ "$script_type" == "client-disconnect" ]; then
echo "$LOG_TIME - $common_name disconnect IP $trusted_ip" >> "$LOG_FILE"
fi
exit 0
---
On Sun, 25 Feb 2024 15:31:20 +0100, Bo Berglund wrote:
>On Sun, 25 Feb 2024 10:50:05 +, Peter Davis via Openvpn-users
> wrote:
>
>>Hello,
>>I installed shellcheck and result is:
>>
>># shellcheck script-events.sh
>>
>>In script-events.sh line
says that there is *no* problem with the script itself
syntactically, just that shellcheck does not know of the environment varibles
provided by the caller.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ot;sudo apt install shellcheck" if you do not already have it installed...
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Fri, 23 Feb 2024 11:36:39 +, Peter Davis via Openvpn-users
wrote:
>> On Friday, February 23rd, 2024 at 2:50 PM, Bo Berglund
>> wrote:
>
>> On Fri, 23 Feb 2024 10:33:19 +, Peter Davis via Openvpn-users
>> openvpn-users@lists.sourceforge.net wrote:
>>
On Fri, 23 Feb 2024 10:33:19 +, Peter Davis via Openvpn-users
wrote:
>But:
>
># ls /etc/openvpn/Log/
>#
>
>No files have been created.
Logfile is created following a login to the
OpenVPN server you have configured for logging.
--
Bo Berglund
D
ase sensitive* in Linux so the
entry in your earlier post:
log_file="/tmp/Connections.log"
is *NOT* compatible with the script as I had written it where the variable
LOG_FILE is used...
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing l
;[[":
>
># bash script-events.sh
>#
>
>Seems OK?
You also need to change "]" to "]]"...
https://www.baeldung.com/linux/bash-single-vs-double-brackets
--
Bo Berglund
Developer in Sweden
___
Openvpn-users ma
On Wed, 21 Feb 2024 06:59:25 +, Peter Davis via Openvpn-users
wrote:
>> On Tuesday, February 20th, 2024 at 8:26 PM, Bo Berglund
>> wrote:
>
>> On Tue, 20 Feb 2024 11:29:36 +, Peter Davis via Openvpn-users
>> openvpn-users@lists.sourceforge.net wrote:
>
n_name connected with IP $trusted_ip" >>
"$LOG_FILE"
Solution:
1) LOG_FILE is declared as a filename
2) echo "$LOG_TIMESTAMP - $common_name ..." >> "$LOG_FILE"
The second command adds the new info to the end of the defined file
What is it you do no
a Linux machine on Windows would be preferred, but why bother
when a bare metal Linux server is so simple to set up and keep lean and mean.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
htt
ll expire in 7 days.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
t via the environment variable script_type
like this
# Log client connect or disconnect event with IP address
if [ "$script_type" == "client-connect" ]; then
echo "$LOG_TIMESTAMP - $common_name connected with IP $trusted_ip" >>
"$LOG_FILE"
elif [ &
ot;$script_type" == "client-disconnect" ]; then
>> echo "$LOG_TIMESTAMP - $common_name disconnected with IP $trusted_ip" >>
>>
>> "$LOG_FILE"
>> fi
>>
>>
&g
On Wed, 14 Feb 2024 08:34:38 +0100, Bo Berglund wrote:
>I also want to log server side client connect/disconnect events on my server.
>
>And I have tried to read the documentation here:
>https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/
>
>I can find a
be very useful in my opinion.
I definitely do NOT want to send any email or such, just log to the file.
But the file must never be overwritten such that info disappears.
Is there such an example somewhere?
--
Bo Berglund
Developer in Sweden
On Mon, 5 Feb 2024 14:04:38 +0100, Gert Doering wrote:
>Hi,
>
>On Mon, Feb 05, 2024 at 12:25:51PM +0100, Bo Berglund wrote:
>> >How old is your OpenVPN?
>>
>> This is on the Ubuntu 20.04 LTS server:
>>
>> Aug 21 2023:
>>
>> $ openvp
On Mon, 5 Feb 2024 12:15:53 +0100, Marc SCHAEFER wrote:
>On Mon, Feb 05, 2024 at 09:55:58AM +0100, Bo Berglund wrote:
>> I tried the service restart and it worked inasfar as the logs now look like
>> this
>> example:
>>
>> Mon Feb 5 09:42:42 2024 us=7343
On Mon, 5 Feb 2024 10:52:22 +0100, Gert Doering wrote:
>Hi,
>
>On Mon, Feb 05, 2024 at 09:55:58AM +0100, Bo Berglund wrote:
>> I really wonder why it uses this terrible illogical display with the day name
>> first?
>>
>> So how can I change it to use the I
On Mon, 5 Feb 2024 09:04:06 +0100, Marc SCHAEFER wrote:
>Hello,
>
>On Mon, Feb 05, 2024 at 12:06:13AM +0100, Bo Berglund wrote:
>> restart the specific services or do I have to restart the server computer
>> itself?
>
>I am no systemd specialist, however, most of the
I have already done is then the only additional thing to do to
restart the specific services or do I have to restart the server computer
itself?
I'd rather only touch openvpn since the server is busy doing all sorts of
automatic things and I have to wait for an idl
On Sun, 4 Feb 2024 15:38:41 +0100, Gert Doering wrote:
>Hi,
>
>On Sun, Feb 04, 2024 at 02:17:35PM +0100, Bo Berglund wrote:
>> 2) But if you have actually taken the advice then making a user unable to
>> connect is very simple to manage by NOT revoking any key:
>>
le to get back in and
solving the problem.
So my take is: DO NOT USE revoking of keys to lock out users!
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Sat, 27 Jan 2024 09:45:10 +0100, Bo Berglund wrote:
>On Mon, 22 Jan 2024 12:27:52 +0100, Gert Doering wrote:
>
>>Hi,
>>
>>On Mon, Jan 22, 2024 at 11:27:41AM +0100, Jochen Bern wrote:
>>> .02) OpenVPN prioritizes command line parameters over statements in co
ing *later*
>
> openvpn --something foo --config myconfig.ovpn
>
>in this case, the config file will "win".
>
>Later occurances of the same option override prior occurances - which
>for obvious reasons does not work for "turn this
be159f9e54e
So I edited the file (removed the --suppress-timestamps item) and saved it under
its name as shown.
But when I got back to the command line I was greeted with this:
Failed to reload daemon: Connection timed out
What does this mean and what should I do to get this
openvpn-server@server.service
loaded active running OpenVPN service for server
openvpn-server@serverlocal.service
loaded active running OpenVPN service for serverlocal
Do I do it like so:
sudo systemctl edit openvpn-server@server.service
or li
reason the connection goes down, will it try
to reconnect indefinitely?
The outage might be only a minute or two when for example the server has been
restarted for some reason.
Or it can be a lot longer if the server site or an intervening network link has
a longer power outage.
--
Bo Berglund
On Sun, 21 Jan 2024 21:59:01 +, tincantech via Openvpn-users
wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>
>On Sunday, January 21st, 2024 at 9:17 PM, Gert Doering
>wrote:
>
>> Hi,
>>
>> On Sun, Jan 21, 2024 at 09:08:01PM +0100
vpn-server@serverlan
sudo systemctl start openvpn-server@serverlan
And this has worked just fine, except for the fact that there are no timestamps
inside the logfiles created when it runs.
The command to enable the service seems to bring along the unwanted
suppress-timestamps setting. :(
--
Bo Ber
On Sun, 21 Jan 2024 14:01:09 +0100, Bo Berglund wrote:
>On Sun, 21 Jan 2024 12:29:57 +, André via Openvpn-users
> wrote:
>
>>> In my logs a typical line taken at random reads:
>>>
>>> HakanUbu/83.166.213.132:65076 PUSH: Received control message: 'P
has driven me crazy many times
>> when I had to figure out a problem.
>>
>> And I am using verb 4 in the server's config file.
>>
>> Is there a separate config setting I have missed to make sure the logfiles
>> contain the timestamp on each line?
>
>
On Sun, 21 Jan 2024 10:39:55 +0100, Bo Berglund wrote:
>On Sun, 21 Jan 2024 03:21:40 +, tincantech via Openvpn-users
> wrote:
>
>>For posterity:
>>
>>Server log --verb 4:
>>
>>
>>
>>2024-01-21 03:06:59 us=764987 10.1.101.36:33510 [tct.66.c.
all clients until the DNS query expires...
>
>So, avoid doing things in synchronous ways that rely on "external services".
Could I launch a screen -d command in my script to do the actual work there?
In that case the main script could exit instantly. But only provided the
environ
r's config file.
Is there a separate config setting I have missed to make sure the logfiles
contain the timestamp on each line?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Sat, 20 Jan 2024 22:17:10 +0100, Gert Doering wrote:
>Hi,
>
>On Sat, Jan 20, 2024 at 07:57:17PM +0100, Bo Berglund wrote:
>> >Anything can be done via --client-connect / --client-disconnect scripts.
>>
>> Very interesting, I did not know about this
>>
r.
So having a list of disallowed clients read by the --client-connect script makes
it as simple as matching the provided CN value to the list and exit non-zero if
a match is found would disconnect the connecting client, right?
And one could do so much more with this type of script!
--
Bo Bergl
i via the tunnel?
I guess I have to revisit my notes from setting up the 2-way connection of my
home and cottage LAN:s...
Luckily I have a guest WiFi network *not* served by my main router so I can test
it all here (once the RPi has been configured) b
On Wed, 17 Jan 2024 22:30:05 +0100, Gert Doering wrote:
>Hi,
>
>On Wed, Jan 17, 2024 at 09:57:41PM +0100, Bo Berglund wrote:
>> Is there some way when that RPi has connected to my OpenVPN server to reach
>> it
>> "backwards" via the connected tunnel? I
losed loop kind of
connection...
Advice on how to configure the client and server for this is gratefully
appreciated.
TIA
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge
word of the client ovpn file. The ovpn file itself contains an encrypted
username (the Common Name) which is what is used as identifier upon login and
can be used to reject logins via a ccd dir entry as I described earlier.
NOTE:
If you are reading old howto pages on the Internet then you might get confu
Client Common Name + the password to a log file
- Copy the ovpn file to a directory where all are stored.
By doing this script correctly once you can then produce many client ovpn files
rapidly.
--
Bo Berglund
Developer in Sweden
___
Open
graphic mumbo-jumbo, it just works
Config in the /etc/openvpn/server/server.conf file to enable its use is this
single line:
client-config-dir /etc/openvpn/ccd
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Mon, 8 Jan 2024 15:35:17 +0100, Jochen Bern wrote:
>On 08.01.24 15:09, Bo Berglund wrote:
>> OK, in my case there are only a handful of clients so I could presuambly do
>> the
>> following by creating new server crypto files from scratch:
>
>If you'd like to g
he conf files regarding other settings
than the keys dir it should work the same as earlier.
QUESTION:
-
Is there some simple command to check the current lifetime of the involved
files?
There are several different types of files involved here (*.crt, *.csr, *.key,
*.pem) and I don't know ho
you additionally have to create updated OVPN files for the clients as
well? Or is there some other procedure that can be used?
Or do you have to start over?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
I will set the client up as a service then.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
devices which connect to home on demand
for subversion syncs. That works, but then it is handled by a person issuing the
commands (on and off) and the ovpn files are not located in the client dir...
--
Bo Berglund
Developer in Sweden
___
Openvpn-users
On Fri, 20 Oct 2023 18:39:54 -0400, Bo Berglund wrote:
>On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote:
>
>>Hi,
>>
>>On 20/10/2023 21:35, Bo Berglund wrote:
>>> What have I missed?
>>
>>Breaking your setup in mysterious ways is not goi
On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote:
>Hi,
>
>On 20/10/2023 21:35, Bo Berglund wrote:
>> What have I missed?
>
>Breaking your setup in mysterious ways is not going to help :-)
>
>As Gert pointed out, what you want to achieve requires configurin
On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund wrote:
>On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote:
>
>>I.e. is it enough to remove the route into the local LAN for this to be
>>blocked
>>and only allowing web access forwarding?
>
>So today I tried this
On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote:
>I.e. is it enough to remove the route into the local LAN for this to be blocked
>and only allowing web access forwarding?
So today I tried this:
topology subnet
server 10.13.149.0 255.255.255.0 'nopool'
multihome #Oper
On Fri, 20 Oct 2023 01:22:17 +, tincantech via Openvpn-users
wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>
>--- Original Message ---
>On Friday, October 20th, 2023 at 00:31, Bo Berglund
>wrote:
>
>
>
>> I have done that pr
he LAN.
>That must be done with the server firewall.
>eg: block VPN IPs from sending to the server LAN.
THat's IPTABLES, right?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://li
On Thu, 19 Oct 2023 22:39:29 +, tincantech via Openvpn-users
wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>
>--- Original Message ---
>On Thursday, October 19th, 2023 at 23:11, Bo Berglund
>wrote:
>
>
>
>> Now I would li
config?
push "redirect-gateway def1 bypass-dhcp" #This makes the client access Internet
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
I.e. is it enough to remove the route into the local LAN for this to be blocked
and only allowing web access fo
LAN it starts on) without any need for a
config change
IPTABLES can be set up without explicit LAN address specifiers, I believe.
Just a MASQUERADE rule for the nic.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailin
On Fri, 06 Oct 2023 20:59:48 +, tincantech via Openvpn-users
wrote:
>On Friday, October 6th, 2023 at 21:17, Bo Berglund
>wrote:
>
>
>> In easyrsa2 one could enter a longer expiration than 3650 days by editing the
>> vars file and changing these entries
>>
>
- Activate lines and values:
set_var EASYRSA_CA_EXPIRE 7300
set_var EASYRSA_CERT_EXPIRE 7200
I have noted that these two have defaults of 3650 and 825 days respectively,
what is the reason for that and will my suggested expirations above not work?
--
Bo Berglund
Developer in Sweden
On Thu, 05 Oct 2023 10:56:25 -0700, Kenneth Porter
wrote:
>--On Thursday, October 05, 2023 7:30 PM +0200 Bo Berglund
> wrote:
>
>> sudo apt install openvpn
>> Reading package lists... Done
>> Building dependency tree... Done
>> Reading state information... Do
s the cause?
Any ideas what I could do now?
I am travelling to her on Monday and would like to bring along a replacement for
the server I gave her back in 2014 (RPi2B based).
This has worked fine for all these years but will stop working in 6 months when
the 10 year expiration of the certs hit...
-
w entries whereas these "Jason Long"
threads wind on "forever" filling up everyones mailboxes.
I believe this guy is better served in the OpenVPN *forum* which does not push
messages to all subscribers every time a post is made.
Please do not encourage him any longer.
--
Bo
On Fri, 1 Sep 2023 11:07:02 +0200, David Sommerseth
wrote:
>Before you ask more questions. Please do your homework and do some
>googling and reading first. The terminologies used here are industry
>standard.
+1 (or maybe +100)
--
Bo Berglund
Developer
3-02-25: This client is blocked from connecting
disable
This solves the problem and is persistent, but it requires the system to have
individual certs for each user (but who would not?).
To re-allow the client to connect is now as simple as removing the disable
command from the ccd file for the c
On Wed, 23 Aug 2023 17:55:55 +0200, Gert Doering wrote:
>Hi,
>
>On Wed, Aug 23, 2023 at 05:31:18PM +0200, Bo Berglund wrote:
>> >Server: 10.0.2.15
>> >Client: 10.0.2.16
>>
>> If the client is located inside the network 10.0.2.x and the server is ALSO
client-config-dir /etc/openvpn/ccd2
Or similar in the otyher conf file, i.e. Never mix the configurations between
server instances!
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ercial VPN services work to circumvent geoblocking.
I use this for a few people that need to be located inside our country for some
web access and we do not want to use any insecure commercial service for that.
--
Bo Berglund
Developer in Sweden
___
Openvpn
why the client can connect or why it cannot connect?
Your statement is ambiguous
Is it a question or a statement of fact?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
and how you come back
time and time again mixing in misconception after misconception...
Maybe you are really just trolling the mail list?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ng to actually
read the documentation and instead rely on some dubious googled websites that
are not even up-to-date...
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
e CN name of
each client):
CommonName.key
CommonName.crt
CommonName.csr
In the process of creating these the SERVER side ca.crt (or possibly ca.key) is
used to sign the client files (don't remember now since I have created a script
that handles it all when I need to make a new client).
Anyway
So you are not aware that Linux is case sensitive?
"Server" is NOT equal to "server"...
So what you use depends on what *exact* name you set the CN to when genererating
the files.
--
Bo Berglund
Developer in Sweden
on a Linux machine with
multiple IPv4 address, connections to IPv4 addresses will not work right on
kernels before 3.15, due to missing kernel support for the IPv4-mapped case
(some distributions have ported this to earlier kernel versions, though).
--
it myself, though.
Better to use it as it was designed.
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
in WHY he wants several IP addresses on his
server NIC, which apparently is exposed directly to the Internet (how else could
it work)...
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.
ld not even work because the only IP address that can be routed to from
the Internet is the one assigned by the Internet Service Provider to the device
connecting to the incoming fiber. And that ONLY if the ISP is not NAT-ing the
connections, in which case setting up a working OpenVPN server on
nel addresses to each device when
>connecting
>- Make the IoT device connect to the VPN as part of the boot sequence
>
>Now we can connect our PC to the same VPN and then connect to the device(s)
>using their known tunnel addresses.
>
>This works like a charm. :-)
>
>
>--
&g
On Mon, 31 Jul 2023 21:51:43 +0200, Gert Doering wrote:
>Hi,
>
>On Mon, Jul 31, 2023 at 09:11:31PM +0200, Bo Berglund wrote:
>> On Mon, 31 Jul 2023 18:52:07 + (UTC), Jason Long via Openvpn-users
>> wrote:
>>
>> >What is the usage of the "client-
ion.
Normally only useful if the client is the router on a client LAN.
See the docs:
https://community.openvpn.net/openvpn/wiki/HOWTO#IncludingmultiplemachinesontheclientsidewhenusingaroutedVPNdevtun
--
Bo Berglund
Developer in Sweden
___
Openvpn-user
ally used...
This works just fine, so why complicate everything like you are trying?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Wed, 26 Jul 2023 10:00:51 + (UTC), Jason Long via Openvpn-users
wrote:
>On Wednesday, July 26, 2023 at 09:18:35 AM GMT+3:30, Bo Berglund
> wrote:
>>On Tue, 25 Jul 2023 21:42:40 + (UTC), Jason Long via Openvpn-users
>> wrote:
>>
>>>Hello,By defaul
base service looks for server instance
configuration files is:
/etc/openvpn/server/
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
rypto files for both services.
In this case the user will either be fully connected to the server LAN with
Internet access through the server LAN gateway (serverweb) or else (serverlocal)
just accessing the server side LAN as a network member and the Internet through
his own LAN gateway.
HTH
th a minimal
chance of).
I use the *same* crypto files for my installations of two services, one with a
gateway to the server side Internet connection and one only operating on the
local network while the client uses his own gateway to the internet.
Has been working fine for over 10 years now.
But you also have to set up IPTABLES correctly for the wanted routing to
happen
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
es the port to
handle...
One forward rule for each service you enable.
And on the OpenVPN server device you will have to add the proper IPTABLES
settings to make the forwarding work.
HTH
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailin
Write the single command:
disabled
into the file.
Now the server works as before for all users except the one with the file in the
ccd dir who is blocked from access.
This has worked fine ever since for us.
--
Bo Berglund
Developer in Sweden
___
Openv
missed now?
I thought it would show when the cert is due to expire, but maybe not?
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
.
Using this instead would probably be better:
export EASY_RSA="$PWD"
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
tired.
Just maintaining the older stuff which includes the OpenVPN connectivity and
Subversion servers.
Cheers!
--
Bo Berglund
Developer in Sweden
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Tue, 07 Mar 2023 11:55:34 +0100, Bo Berglund wrote:
>I have now completed my conversion of the old script to ease building ovpn
>files
>for the clients. It handles both with and without password protection.
While documenting my procedure for the test upgrade on a copy of my real
On Mon, 06 Mar 2023 21:39:12 +, tincantech via Openvpn-users
wrote:
>On Monday, March 6th, 2023 at 20:42, Bo Berglund wrote:
>
>
>
>> Question:
>> -
>> I will call easy-rsa from within my script and I want to enter the password
>> as a
>>
1 - 100 of 262 matches
Mail list logo
